Topic: Secure the upload? (Read 2709 times)

Mansour · « **on:** January 19, 2007, 12:29:48 pm »

Hi

I was used cpg1.4.9, and my web site was hacked and all DBs was deleted. They used a vulnerability on cpg1.4.9 to upload a php file and take a full control on my DBs.

I would like to know, how can I secure the upload ? can I use "Password Protect Directories" to add addition authentication on upload files on the server ? I have only one user who allowed uploading to the gallery.

Also, how can I disable the upload at all? I just want to open the gallery without uploading any file. Is deleting the upload.php enough ?

Thanks

Nibbler · « **Reply #1 on:** January 19, 2007, 12:52:58 pm »

To disable uploading just set permissions on the groups page.

Mansour · « **Reply #2 on:** January 19, 2007, 01:04:58 pm »

Hi,

thanks for this response,

I don't want to do it with cpg, I would like to make sure nobody can upload any file on the server using cpg even if the upload allowed for some user.

I mean add password on the folders, or change the folder permissions

Joachim Müller · « **Reply #3 on:** January 20, 2007, 11:07:45 am »

CHMOD then if you think that this is the proper method (which it is not). Not related to coppermine, but webserver setup. As suggested, disabling uploads is all that it takes unless you have backdoors on your server.

News:

Author Topic: Secure the upload? (Read 2709 times)

Mansour

Secure the upload?

Nibbler

Re: Secure the upload?

Mansour

Re: Secure the upload?

Joachim Müller

Re: Secure the upload?